Samsung says it has fixed a zero-day security vulnerability that is being used to hack into customer phones.
The phone maker said that a security flaw discovered in the software library used to display images on Samsung devices allows hackers to remotely plant malicious code on devices running Android 13 through the latest version, Android 16.
Samsung's advisory said that Meta and WhatsApp security teams personally notified the company on August 13, saying “the exploitation of this issue is present in the wild.”
Samsung did not provide a list of devices affected by the vulnerability.
The bug is known as a zero-day because the vendor, in this case Samsung, was given no time to fix it before it was exploited.
It's not immediately clear who is behind the hacking campaign or how many Samsung customers are affected. A Samsung spokesman did not respond to requests for comment submitted prior to publication.
However, the security fixes coincided with a surge in security updates from other phone software vendors that aim to counter ongoing spyware campaigns.
The Samsung security patch fixes a vulnerability that, according to security researchers, was used to target both iPhone owners and Android users, and it follows separate security fixes issued by Apple and WhatsApp in August.
WhatsApp told TechCrunch that the messaging app maker has sent fewer than 200 notifications to users whose phones have been targeted or compromised by the campaign.
Apple has not commented on the patched vulnerabilities except to say that the flaws were used in “very sophisticated attacks on specific targeted individuals.”
Apple regularly notifies new victims of potential spyware attacks and asks them to seek assistance from Access Now's digital security lab. According to the French government, the tech giant recently notified a number of customers on September 3 that they had been targeted as part of a spyware campaign.